Re: IPSec auditing

From: Daniel Angelucci (angelucc@nospam.duke.edu)
Date: 11/01/02

• Next message: Russ: "complex password policy"
• Previous message: Joel Wilson: "Re: Decrypting a W2K encrypted file"
• In reply to: Eric Fitzgerald [MS]: "Re: IPSec auditing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 01 Nov 2002 12:09:07 -0500
From: Daniel Angelucci <angelucc@nospam.duke.edu>

It's not the auditing; it's the whole implementation.

Dan

Eric Fitzgerald [MS] wrote:
> Why not share with the group? If you have some questions about auditing
> I'll be glad to address them.
>
> Eric
>
>
> "Daniel Angelucci" <angelucc@nospam.duke.edu> wrote in message
> news:3DC1367F.5070802@nospam.duke.edu...
>
>>Let's see... a quick look at my log and auditing policy would suggest
>>the following....
>>
>>Audit system events should be set to success, failure.
>>
>>I am glad to see someone else doing this. Could you email me privately?
>> I have some experiences that I wanted to confirm.
>>
>>Thanks!
>>Dan
>>
>>Michael Buchardt wrote:
>>
>>>Hi
>>>
>>>I am trying to audit the IPSec communication between two clients in
>>
> domain.
>
>>>When I ping one the client the first time I get informed that it is
>>>negotiating IPSec and the second time I ping the echo reply comes
>>
> through.
>
>>>Not problems there. If I startup isecmon.exe I can see that the traffic
>>
> is
>
>>>encrypted.
>>>I have turned on auding on both client machines (Logon events + object
>>>access - failure and success). But I doesn´t get any event ID 541 which
>>>should state successful establishment of an IPSec Security Association
>>
> (SA).
>
>>>I have tryed all that I can think of - am I doing something wrong here?!
>>>
>>>Kind Regards
>>>
>>>
>>>Michael Buchardt
>>>
>>>
>>
>>
>
>

• Next message: Russ: "complex password policy"
• Previous message: Joel Wilson: "Re: Decrypting a W2K encrypted file"
• In reply to: Eric Fitzgerald [MS]: "Re: IPSec auditing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: IPSec auditing ... If you have some questions about auditing ... >> When I ping one the client the first time I get informed that it is ... >> negotiating IPSec and the second time I ping the echo reply comes ... (microsoft.public.win2000.security) Re: Security Event Log - Can anyone explain ?? ... Eric Fitzgerald ... Windows Auditing and Intrusion Detection ... and It mentioned that security auditing was turn off. ... (microsoft.public.win2000.security) Re: COTS application suggestions for auditing ... Eric Fitzgerald wrote: ... > The performance impact is probably caused by having to perform two ... > I also suggest against auditing reads of any sort, ... > Program Manager, Windows Auditing ... (microsoft.public.security) Re: Is it possible to find out who deleted a file under W2K/NT?? ... audit policy, directly or via domain policy, and had set a SACL on the ... Eric Fitzgerald ... Windows Auditing and Intrusion Detection ... (comp.os.ms-windows.nt.admin.security) Re: Is it possible to find out who deleted a file under W2K/NT?? ... audit policy, directly or via domain policy, and had set a SACL on the ... Eric Fitzgerald ... Windows Auditing and Intrusion Detection ... (comp.os.ms-windows.nt.admin.security)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint